1. When an organization is using an automated tool to manage and house its business continuity plans, which of the following is the PRIMARY concern?
A) Ensuring accessibility should a disaster occur
B) Versioning control as plans are modified
C) Broken hyperlinks to resources stored elsewhere
D) Tracking changes in personnel and plan assets
2. Which of the following is the BEST way to verify that all critical production servers are utilizing up-to-date virus signature files?
A) Verify the date that signature files were last pushed out
B) Use a recently identified benign virus to test if it is quarantined
C) Research the most recent signature file and compare to the console
D) Check a sample of servers that the signature files are current
3. Which of the following actions should be taken when an information security manager discovers that a hacker is footprinting the network perimeter?
A) Reboot the border router connected to the firewall
B) Check IDS logs and monitor for any active attacks
C) Update IDS software to the latest available version
D) Enable server trace logging on the DMZ segment
4. Which of the following are the MOST important criteria when selecting virus protection software?
A) Product market share and annualized cost
B) Ability to interface with intrusion detection system (IDS) software and firewalls
C) Alert notifications and impact assessments for new viruses
D) Ease of maintenance and frequency of updates
5. Which of the following is the MOST serious exposure of automatically updating virus signature files on every desktop each Friday at 11:00 p.m. (23.00 hrs.)?
A) Most new viruses' signatures are identified over weekends
B) Technical personnel are not available to support the operation
C) Systems are vulnerable to new viruses during the intervening week
D) The update's success or failure is not known until Monday
1. Right Answer: A Explanation: If all of the plans exist only in electronic form, this presents a serious weakness if the electronic version is dependent on restoration of the intranet or other systems that are no longer available. Versioning control and tracking changes in personnel and plan assets are actually easier with an automated system. Broken hyperlinks are a concern, but less serious than plan accessibility.
2. Right Answer: D Explanation: The only accurate way to check the signature files is to look at a sample of servers. The fact that an update was pushed out to a server does not guarantee that it was properly loaded onto that server. Checking the vendor information against the management console would still not indicate whether the file was properly loaded on the server. Personnel should never release a virus, no matter how benign.
3. Right Answer: B Explanation: Information security should check the intrusion detection system (IDS) logs and continue to monitor the situation. It would be inappropriate to take any action beyond that. In fact, updating the IDS could create a temporary exposure until the new version can be properly tuned. Rebooting the router and enabling server trace routing would not be warranted.
4. Right Answer: D Explanation: For the software to be effective, it must be easy to maintain and keep current. Market share and annualized cost, links to the intrusion detection system (IDS) and automatic notifications are all secondary in nature.
5. Right Answer: C Explanation: Updating virus signature files on a weekly basis carries the risk that the systems will be vulnerable to viruses released during the week; far more frequent updating is essential. All other issues are secondary to this very serious exposure.